Mailbird Blog

Diving into GDPR and What It Means for Cybersecurity


Unless you've been living under a rock, you've probably been getting spammed by GDPR emails left and right. There's been plenty of confusion going around, too - what is the GDPR? Why am I getting these emails? Should I open them or can I just delete them? We're here to answer your questions.

What is the GDPR?

Since 1995, data collection and retention in the EU has been governed by the European Data Protection Directive. The GDPR - the General Data Protection Regulation - is an update for the modern age.

What will it change?

The GDPR is an EU-wide regulation, but it will have implications for companies around the world. Any company that handles the data of EU citizens either itself or through a subsidiary will need to comply and implement a data governance strategy. The core principles of the GDPR are:
  1. The right to be forgotten: The right to be forgotten allows EU citizens to request that data about them that is no longer relevant be removed from websites or search engines. This right has been on the books in Europe for some time, but it has now been clarified that international companies will have to comply as well.
  2. Privacy by design: The GDPR demands that services provided to EU citizens be private by design. This means that privacy and security must be central and fundamental considerations in any service, not afterthoughts that may or may not be left out.
  3. Data portability: EU citizens should be allowed to move their data at will from data collector to data collector. This would obligate Facebook, for example, to package up your data for you so you could transfer it to a new social network. Please note, Facebook account deactivation does not automatically remove the data collected by the platform.
  4. The right to access: You should be able to find out exactly what data a website has gathered about you. Do they know your age? Where you live? Who your friends are? What your favorite ice cream flavor is? The GDPR says you should be guaranteed the right to find out.

Why am I getting so many emails?

There are a few different reasons why you may have been receiving so many GDPR-related emails. Naturally, many companies have been scrambling to change their privacy policies to comply with the GDPR. Even before the GDPR, many countries demanded that businesses notify their customers about the changes - hence the emails.

Part of the GDPR's requirements also states that everyone receiving emails from a business needs to have opted in to receive them. One of the results of lax internet privacy requirements is that businesses buy and sell email addresses all the time. Now, the GDPR has finally required them to ensure that everyone receiving their emails actually wants them.

It would be a good idea to open emails from companies or brands you'd like to continue receiving emails from. That's because many companies will most likely stop sending emails to anyone who doesn't give them permission to do so. The mountain of GDPR spam has a silver lining after all - you get to see which (compliant) companies have your email address and get rid of the ones you don't want to hear from.

About the Author

Harold Kilpatrick is a cybersecurity consultant who also freelances as a blogger. Harold lives in New York, where he loves to go on coffee walks with his golden lab, Ernie.